glupteba | fb97064b40bf6f9f31d8899692e8bbfd7a9c2b5af1fc4da03b2b355a09cdef07 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

fb97064b40bf6f9f31d8899692e8bbfd7a9c2b5af1fc4da03b2b355a09cdef07
Size

4.1MB
Sample

220919-nz677sfdg4
MD5

203fe48591f60fad987f6810b52dc957
SHA1

a071b0afce1b8ec6882926799a2b27293be82cfd
SHA256

fb97064b40bf6f9f31d8899692e8bbfd7a9c2b5af1fc4da03b2b355a09cdef07
SHA512

1bb119336815ad80ae2f6c2dba5d86667fb4f9b72e68c9cefd2b15653aacbc51f11a99f2bf6f006789d96127a969d6c446b39eb52787080a20b88cc083b2f3c3
SSDEEP

49152:YJnLzpqdvdwbdHhITrkyH7JkeKGvVz0JhWdfBSuLLdgIcXx9WU5RQtA2Y7b2fOB0:OLgxqbdBzc6ovQEsMxQx8PY740Ruf

Score

10^/10

glupteba discovery dropper evasion loader persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

fb97064b40bf6f9f31d8899692e8bbfd7a9c2b5af1fc4da03b2b355a09cdef07.exe

Resource

win10-20220812-en

glupteba discovery dropper evasion loader persistence trojan

windows10-1703-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  fb97064b40bf6f9f31d8899692e8bbfd7a9c2b5af1fc4da03b2b355a09cdef07
- Size
  
  4.1MB
- MD5
  
  203fe48591f60fad987f6810b52dc957
- SHA1
  
  a071b0afce1b8ec6882926799a2b27293be82cfd
- SHA256
  
  fb97064b40bf6f9f31d8899692e8bbfd7a9c2b5af1fc4da03b2b355a09cdef07
- SHA512
  
  1bb119336815ad80ae2f6c2dba5d86667fb4f9b72e68c9cefd2b15653aacbc51f11a99f2bf6f006789d96127a969d6c446b39eb52787080a20b88cc083b2f3c3
- SSDEEP
  
  49152:YJnLzpqdvdwbdHhITrkyH7JkeKGvVz0JhWdfBSuLLdgIcXx9WU5RQtA2Y7b2fOB0:OLgxqbdBzc6ovQEsMxQx8PY740Ruf
Score

10^/10

glupteba discovery dropper evasion loader persistence trojan
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencetrojan

© 2018-2024

Terms | Privacy